Client-controlled cryptography-as-a-service in the cloud

Authors: Sören Bleikertz, Sven Bugiel, Hugo Ideler, Stefan Nürnberger, Ahmad-Reza Sadeghi

DOI: 10.1007/978-3-642-38980-1_2

Keywords: Hypervisor, Enterprise information security architecture, Cloud computing security, Trusted Platform Module, Computer security, Cryptographic primitive, Provisioning, Computer network, Trusted Computing, Computer science, Cloud computing

Abstract: Today, a serious concern about cloud computing is the protection of clients' data and computations against various attacks from outsiders as well as from the provider. Moreover, clients are rather limited in implementing, deploying and controlling their own security solutions in the cloud. The provider theoretically has access to stored keys in dormant images, and protecting keys during run-time is infeasible because authenticating running VM instances is not possible. In this paper, we present an architecture that allows for establishing a secure client-controlled Cryptography-as-a-Service (CaaS) in the cloud: Our CaaS enables clients to be in control of the provisioning and usage of credentials and cryptographic primitives. They can securely provision or even implement a private virtual security module (e.g., a vHSM or a virtual SmartCard). All operations run in a protected client-specific execution domain. This is achieved by modifying the Xen hypervisor and leveraging standard Trusted Computing technology. Our solution is legacy-compatible by installing a transparent layer for the storage and network I/O of the VM. We reduced the privileged hypercalls necessary for administration by 79%. We evaluated the effectiveness and efficiency of our design, which resulted in an acceptable performance overhead.
